Deploying the Analytics subsystem on Linux x86_64

Deploy the API Connect Analytics subsystem on the Linux x86_64 cluster.

Before you begin

Verify that you copied the ingress issuers to the Linux x86_64 cluster.

Restriction: This task applies only to deployments where the Management and Portal subsystems were installed on Linux for IBM Z.

If you are deploying all subsystems to Linux x86_64, follow the instructions in Deploying all API management subsystems on Linux x86_64 (Platform UI) to install all subsystems at the same time with a top-level CR.


  1. Run the following command to obtain the common name from the Analytics TLS certificate on the IBM Z cluster:
    oc get secret <apiconnectCluster_name>-a7s-ing-client -o json | jq -r '.data."tls.crt"' | base64 -d | openssl x509 -text| grep CN | grep Subject | awk '{print $NF}'

    where <apiconnectCluster_name> is the name of the API Connect cluster.

  2. Create a file called analytics-certs.yaml with the following contents:

    Replace <apiconnectCluster_name> with the name of the API Connect cluster.

    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    kind: Certificate
      name: analytics-ingestion-client
      labels: { "management", "ibm-apiconnect", "analytics-ingestion-client"
      commonName: analytics-ingestion-client
      secretName: analytics-ingestion-client
        name: <apiconnectCluster_name>-ingress-issuer
      - "client auth"
      - "signing"
      - "key encipherment"
      duration: 17520h # 2 years
      renewBefore: 720h # 30 days
  3. Run the following command to apply the analytics-certs.yaml file to the target namespace of the Linux x86_64 :
    oc apply -f analytics-certs.yaml -n <namespace>
  4. Create a file called analytics_cr.yaml containing the desired Analytics CR configuration; for example:

    Replace <apiconnectCluster_name> with the name of the API Connect cluster, supply an appropriate value for <license_ID>, and replace <common_name> with the value you retrieved in step 1.

    kind: AnalyticsCluster
      name: apic-dev-a7s
      labels: analytics ibm-apiconnect apic-dev-a7s
      standaloneCluster: true
        accept: true
        license: <license_ID>
        use: production
        name: <apiconnectCluster_name>-self-signed
        kind: Issuer
        enabled: true
        clientSubjectDN: 'CN=<common_name>'
        clientAuthEnabled: true
        configReloadAutomatic: true
      profile: n1xc2.m16
      microServiceSecurity: certManager
        clientAuthEnabled: true
        enabled: true
        type: shared
            storageClassName: ocs-storagecluster-ceph-rbd
            volumeSize: 20Gi
  5. Run the following command to apply the analytics CR:
    oc apply -f analytics_cr.yaml -n <namespace>
  6. Run the following command to verify that the analytics cluster reports all services as READY:
    oc get analyticscluster -n <namespace>